Configuring Password store on Debian
A simple, clean, intuitive and Unix-centric command line based password manager!
Today we will see how to install and configure a powerful, very secure command-line password manager that is perfect for managing some Bitcoin details. It follows the Unix philosophy and is well suited to running on Debian. We are talking about “pass”, which stores passwords using GPG-based encryption.
Installation
To install it, we just have to install the following packages with apt:
sudo apt update
sudo apt install gpg pass
Generate keys
Then we need a GPG key pair. We can import an existing key for this purpose, but in my opinion it’s better to create a dedicated key pair. This can be accomplished by running the following interactive command:
dev@titanus:~$ gpg --generate-key
gpg (GnuPG) 2.2.40; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: massmux
Email address: massmux@gmail.com
You selected this USER-ID:
"massmux <massmux@gmail.com>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/dev/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/dev/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/dev/.gnupg/openpgp-revocs.d/A2E1CF172C496EC43EAD59396FE76189FBB981ED.rev'
public and secret key created and signed.
pub   rsa3072 2024-09-29 [SC] [expires: 2026-09-29]
      A2E1CF172C496EC43EAD59396FE76189FBB981ED
uid                      massmux <massmux@gmail.com>
sub   rsa3072 2024-09-29 [E] [expires: 2026-09-29]
Now you have a public key identified by the fingerprint A2E1CF172C496EC43EAD59396FE76189FBB981ED
Initialize Password-store
You are now ready to initialize pass. In our case the initialization looks like this:
dev@titanus:~$ pass init A2E1CF172C496EC43EAD59396FE76189FBB981ED
mkdir: created directory '/home/dev/.password-store/'
Password store initialized for A2E1CF172C496EC43EAD59396FE76189FBB981ED
As you can see, the password store is initialized and associated with the mentioned key, and it is located in the home directory, inside the hidden directory .password-store/
With this powerful tool, in fact, each stored password lives inside a GPG-encrypted file whose filename is the title of the resource that requires the password.
Add passwords to the Store
Now we can start adding some passwords. Let’s imagine we are storing the PIN and the BIP32 root fingerprint of a BitBox hardware wallet. Here is what we can do:
dev@titanus:~$ pass insert wallets/bitbox/PIN
mkdir: created directory '/home/dev/.password-store/wallets'
mkdir: created directory '/home/dev/.password-store/wallets/bitbox'
Enter password for wallets/bitbox/PIN:
Retype password for wallets/bitbox/PIN:
After adding the fingerprint entry in the same way, the result is:
dev@titanus:~$ pass
Password Store
└── wallets
    └── bitbox
        ├── fingerprint
        └── PIN
You can appreciate how simple and intuitive the output is. It is very easy to visualize, all without leaving text mode on the terminal.
If you explore the directory you will find:
dev@titanus:~$ ls -la .password-store/wallets/bitbox/
total 16
drwx------ 2 dev dev 4096 29. Sep 17:55 .
drwx------ 3 dev dev 4096 29. Sep 17:54 ..
-rw------- 1 dev dev 459 29. Sep 17:55 fingerprint.gpg
-rw------- 1 dev dev 455 29. Sep 17:54 PIN.gpg
So the directory has the same structure shown by the pass command, and each password is a GPG-encrypted file. Astonishingly simple, intuitive, and easy to manage and back up. The backup can be done by simply copying the directory (and, obviously, backing up your GPG key as well).
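Before copying the directory to a backup, it is worth checking that it still looks like the listing above. The following script is an added example, not part of pass or of the original tutorial. Its function names and finding labels are hypothetical, and it assumes the permissions and the .gpg-id file that pass init creates:

```shell
#!/bin/sh
# Added example, not part of pass. Function names and finding labels are
# hypothetical. Usage on a real store:
#   audit_pass_store "$HOME/.password-store" <key fingerprint>

# Prints one finding per line; returns 0 if the store is clean, 1 otherwise.
audit_pass_store() {
    store=$1
    expected=$2
    findings=$(
        # pass init records the recipient key in STORE/.gpg-id.
        if [ ! -f "$store/.gpg-id" ]; then
            printf 'NO-GPG-ID %s\n' "$store/.gpg-id"
        elif ! grep -qxF "$expected" "$store/.gpg-id"; then
            printf 'UNEXPECTED-RECIPIENT %s\n' "$store/.gpg-id"
        fi
        # Expect drwx------ directories and -rw------- files, as in the
        # listing above. An optional .git directory is skipped.
        find "$store" -name .git -prune -o -type d ! -perm 700 \
            -exec printf 'DIR-MODE %s\n' {} \;
        find "$store" -name .git -prune -o -type f ! -perm 600 \
            -exec printf 'FILE-MODE %s\n' {} \;
        # A file that is neither an encrypted entry nor store metadata may
        # be a secret saved in clear text by mistake.
        find "$store" -name .git -prune -o -type f ! -name '*.gpg' \
            ! -name .gpg-id ! -name .gitattributes \
            -exec printf 'NOT-ENCRYPTED %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample store with the tutorial's layout (empty placeholder files).
make_sample_store() {
    dir=$(mktemp -d) && chmod 700 "$dir"
    mkdir -p "$dir/wallets/bitbox"
    chmod 700 "$dir/wallets" "$dir/wallets/bitbox"
    printf '%s\n' "$1" > "$dir/.gpg-id"
    : > "$dir/wallets/bitbox/PIN.gpg"
    : > "$dir/wallets/bitbox/fingerprint.gpg"
    find "$dir" -type f -exec chmod 600 {} +
    printf '%s\n' "$dir"
}

demo=$(make_sample_store A2E1CF172C496EC43EAD59396FE76189FBB981ED)
chmod 755 "$demo/wallets"   # constructed defect: directory readable by others
audit_pass_store "$demo" A2E1CF172C496EC43EAD59396FE76189FBB981ED || echo "store needs attention"
rm -rf "$demo"
```

The script only inspects names and permissions. It does not decrypt anything and does not need the private key.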
Thank you for reading.